
On 13/01/2015 08:05, Christian Krbusek wrote:
Hi,
thanks for considering running a mirror!
In fact you can't prevent that but you are also mirroring the signature files. So anybody downloading from any mirror - even the original host - should verify the downloads.
Cheers, Chris
How do we prevent a mirror admin from tampering with the served files?
So let's pretend I want to push some malicious TBB binaries...

1) Nicely behave as a mirror for several months to get good reputation (if any)
2) Build malicious Bundles and sign them with a bogus key carrying Erinn Clark's public info and replace the original files
3) publish this key to some keyserver
4) Modify /docs/verifying-signatures.html.en & /docs/signing-keys.html.en to have visitors retrieve and somewhat trust my key
5) Wait for people to download binaries and omit to verify signatures, let alone keys...

I could have a chance of pushing some dirty bits out there, what do you think?

Shouldn't these 2 files be excluded from the mirroring process?

--
Frédéric CORNU
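Added example, not part of the thread or of any project's code: a signature made by a look-alike key still reports a good signature and the expected name, so a verifier has to compare the full key fingerprint against a pin obtained from somewhere the mirror does not serve. The sketch below applies that check to the machine-readable output of `gpg --status-fd 1 --verify`; the status lines, user ID and fingerprints are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed placeholder: the real pin must come from a channel the mirror
# does not serve (assumption of this example).
PINNED_FPR = "A" * 40
UID = "Release Signer <signer@example.invalid>"  # constructed user ID

def status(primary_fpr, signing_fpr):
    """Build constructed `gpg --status-fd` lines for one good signature."""
    return (f"[GNUPG:] NEWSIG\n"
            f"[GNUPG:] GOODSIG {signing_fpr[-16:]} {UID}\n"
            f"[GNUPG:] VALIDSIG {signing_fpr} 2015-01-13 1421132700 0 4 0 1 8 00"
            f" {primary_fpr}\n")

GENUINE = status(PINNED_FPR, "B" * 40)  # signing subkey of the pinned key
BOGUS = status("C" * 40, "D" * 40)      # same user ID, different key

def parse_status(text):
    """Return (keyword, args) for every '[GNUPG:]' status line."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "[GNUPG:]":
            out.append((parts[1], parts[2:]))
    return out

def signed_by_pinned_key(status_text, pinned_fpr):
    """True only if exactly one valid signature was made by the pinned key.

    The user ID reported on GOODSIG is ignored: anyone can create a key
    carrying any name, so only the full fingerprint identifies the signer.
    """
    pin = pinned_fpr.replace(" ", "").upper()
    if not re.fullmatch(r"[0-9A-F]{40}", pin):
        raise ValueError("pin must be a full 40-hex-digit fingerprint")
    records = parse_status(status_text)
    if any(kw in {"BADSIG", "ERRSIG", "EXPKEYSIG", "REVKEYSIG"} for kw, _ in records):
        return False
    valid = [args for kw, args in records if kw == "VALIDSIG"]
    if len(valid) != 1 or not valid[0]:
        return False
    args = valid[0]
    # Field 10 is the primary key fingerprint when present; else use field 1.
    primary = args[9] if len(args) >= 10 else args[0]
    return primary.upper() == pin
```

Both constructed inputs contain a GOODSIG line with the same user ID; only the fingerprint comparison tells them apart.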